Hi,

That's the issue with blocking third-party-cookies (or more precisely from blocking iFrames in a website from setting a cookie on another domain). It is great for privacy (if every website was allowed to read and write cookies from tracking.example, people could be tracked easily between domains).
But it also means that if you are tracking yourwebsite.example with matomo.example and are embedding the iFrame, you are stopping it from setting the opt-out cookie on matomo.example as this is also a third-party domain.

Now one solution is setting the opt-out cookie on the domain of the tracked website, but this is nothing the iFrame can do (as it only has access to the matomo.example domain) and is what is done when using this guide: https://developer.matomo.org/guides/tracking-javascript-guide#optional-creating-a-custom-opt-out-form

But this also means that you can not opt-out of tracking on matomo.example for all sites that are tracked there, but just for the one you are currently one.

I don't really have a solution as any method that allows to store the user consent status/opt-in/opt-out also allows to store tracking data about this user and will be therefore (rightfully) limited by browsers and browser extensions.

If you (or anyone else) have an idea on what could be done here, it would be great.

BTW if the privacy page includes the Matomo tracker and points to the same page Matomo tracker instance, then first party cookies will be used additionally to the third party. This was implemented in #15184

Meaning. If there's eg a tracker on the privacy policy page pointing to https://matomo.example.org/matomo.php and the opt out is also loaded from https://matomo.example.org/index.php?module=...&action=optout... then Matomo would try to set also a first party cookie for this site using a feature called postMessage.

Besides this there isn't anything else we can do I suppose except for a custom opt out form as mentioned in previous comment.

Thanks for contributing to this issue. As it has been a few months since the last activity and we believe this is likely not an issue anymore, (opt-out was changed since and doesn't use iframe anymore), then we will now close this. If that's not the case, please do feel free to either reopen this issue or open a new one. We will gladly take a look again!